All Global Crypto Exchanges Must Now Share Customer Data, FATF Rules

A powerful intergovernmental organization devoted to combating money laundering and terrorism financing has finalized its recommendations on regulating cryptocurrencies for its 37 member countries.

As expected, the Financial Action Task Force (FATF) standards released Friday include a controversial requirement that “virtual asset service providers” (VASPs), including crypto exchanges, pass information about their customers to one another when transferring funds between firms.

Under the new guidance, the required information for each transfer includes:

(i) originator’s name (i.e., the sending customer);

(ii) originator’s account number where such an account is used to process the transaction (e.g., the VA wallet);

(iii) originator’s physical (geographical) address, or national identity number, or customer identification number (i.e., not a transaction number) that uniquely identifies the originator to the ordering institution, or date and place of birth;

(iv) beneficiary’s name; and

(v) beneficiary account number where such an account is used to process the transaction (e.g., the VA wallet).

Calling the “threat of criminal and terrorist misuse of virtual assets” a “serious and urgent” issue, FATF said in a public statement that it will give countries 12 months to adopt the guidelines, with a review set for June 2020.

Enforcement recommendations

The guidelines also suggest that individuals using crypto wallets to transmit value could be designated VASPs, and thus subject to licensing requirements – at least if they do so as a business.

“In cases where the VASP is a natural person, it should be required to be licensed or registered in the jurisdiction where its place of business is located—the determination of which may include several factors for consideration by countries,” the document says.

Individuals are not VASPs if they use crypto to buy goods or services or if they make “a one-off exchange or transfer,” FATF said.

FATF is also giving countries the option of requiring foreign VASPs that provide products or services within their jurisdiction to register with the appropriate authorities.

“Competent authorities should take the necessary legal or regulatory measures to prevent criminals or their associates from holding, or being the beneficial owner of, a significant or controlling interest, or holding a management function in, a VASP,” the guidance states elsewhere.

“Such measures should include requiring VASPs to seek authorities’ prior approval for substantive changes in shareholders, business operations, and structures,” it adds.

For enforcement purposes, FATF recommends that countries consider using open-source information and web-scraping tools to identify unregistered or unlicensed operations advertising their services. Authorities should also consider public feedback, information from reporting institutions and “non-publically available information,” such as intelligence or law enforcement reports.

The guidance even addresses services designed to obfuscate the origin of crypto transfers, saying nations should make sure that providers can either manage or mitigate the risks of transfers that use mixers, tumblers or similar tools. “If the VASP cannot manage and mitigate the risks posed by engaging in such activities, then the VASP should not be permitted to engage in such activities,” the document reads.

VASPs should also be able to freeze or prohibit transactions with sanctioned individuals, FATF said.

Short-term impact?

Data analytics company Chainalysis, among others, has warned that instead of more transparency, the now-official rule would spur services to shut down or drop off the radar.

But despite hearing such concerns at a private-sector consultation meeting in Vienna last month, which drew 300 attendees, the FATF, led by the United States, pressed ahead.

“By adopting the standards and guidelines agreed to this week, the FATF will make sure that virtual asset service providers do not operate in the dark shadows,” U.S. Treasury Secretary Steven Mnuchin said in remarks to the FATF plenary session held Friday in Orlando, Florida.

This will help the fintech sector “stay one step ahead of rogue regimes and sympathizers of illicit causes,” he said, adding:

“We will not allow cryptocurrency to become the equivalent of secret numbered accounts [and] we will allow for proper use, but we will not tolerate the continued use for illicit activities.”

To be clear: FATF’s recommendations for anti-money-laundering policies are not binding; member countries adopt them by passing legislation or writing regulations. However, countries that fall egregiously out of compliance with FATF standards get put on a blacklist, making them radioactive to foreign investment.

The crypto guidelines come a week ahead of the annual Group of 20 (G20) summit in Osaka, Japan, on June 28-29. The G20, comprised of 19 countries and the European Union, has been pushing for international harmonization of crypto regulations.

The guidelines also come just before the United States’ one-year presidency of the FATF ends on June 30. Marshall Billingslea, the U.S. Treasury official who holds the rotating post, had listed applying FATF standards to virtual currency among his top priorities.

The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.